diff options
| author | Greg Hudson <ghudson@mit.edu> | 2011-08-11 16:37:55 +0000 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2011-08-11 16:37:55 +0000 |
| commit | 12a2d660e9d106fb5c7d11bb61b3f956d00f9d17 (patch) | |
| tree | 8a12be65ef3283773bfa2ca6684041ed0832dd8f /src/lib | |
| parent | 167aed220154427f3a7b5dbb859d93b773c08992 (diff) | |
| download | krb5-12a2d660e9d106fb5c7d11bb61b3f956d00f9d17.tar.gz krb5-12a2d660e9d106fb5c7d11bb61b3f956d00f9d17.tar.xz krb5-12a2d660e9d106fb5c7d11bb61b3f956d00f9d17.zip | |
Fix call to gss_inquire_cred from spnego_gss_acquire_cred_impersonate_name
If desired_mechs is NULL (this should never happen when invoked from
the MIT mechglue), we call gss_inquire_cred to get a list of mechs.
This call needs to pass a union cred handle, not the SPNEGO handle we
got as input. Reported by aberry@likewise.com.
ticket: 6945
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25098 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/gssapi/spnego/spnego_mech.c | 24 |
1 files changed, 11 insertions, 13 deletions
diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c index 9461b75cb..5a1b6d113 100644 --- a/src/lib/gssapi/spnego/spnego_mech.c +++ b/src/lib/gssapi/spnego/spnego_mech.c @@ -2456,7 +2456,7 @@ KRB5_CALLCONV spnego_gss_acquire_cred_impersonate_name(OM_uint32 *minor_status, OM_uint32 status; gss_OID_set amechs = GSS_C_NULL_OID_SET; spnego_gss_cred_id_t imp_spcred = NULL, out_spcred = NULL; - gss_cred_id_t mcred; + gss_cred_id_t imp_mcred, out_mcred; dsyslog("Entering spnego_gss_acquire_cred_impersonate_name\n"); @@ -2466,10 +2466,10 @@ KRB5_CALLCONV spnego_gss_acquire_cred_impersonate_name(OM_uint32 *minor_status, if (time_rec) *time_rec = 0; + imp_spcred = (spnego_gss_cred_id_t)impersonator_cred_handle; + imp_mcred = imp_spcred ? imp_spcred->mcred : GSS_C_NO_CREDENTIAL; if (desired_mechs == GSS_C_NO_OID_SET) { - status = gss_inquire_cred(minor_status, - impersonator_cred_handle, - NULL, NULL, + status = gss_inquire_cred(minor_status, imp_mcred, NULL, NULL, NULL, &amechs); if (status != GSS_S_COMPLETE) return status; @@ -2477,24 +2477,22 @@ KRB5_CALLCONV spnego_gss_acquire_cred_impersonate_name(OM_uint32 *minor_status, desired_mechs = amechs; } - imp_spcred = (spnego_gss_cred_id_t)impersonator_cred_handle; - status = gss_acquire_cred_impersonate_name(minor_status, - imp_spcred ? imp_spcred->mcred : GSS_C_NO_CREDENTIAL, - desired_name, time_req, - desired_mechs, cred_usage, - &mcred, actual_mechs, - time_rec); + status = gss_acquire_cred_impersonate_name(minor_status, imp_mcred, + desired_name, time_req, + desired_mechs, cred_usage, + &out_mcred, actual_mechs, + time_rec); if (amechs != GSS_C_NULL_OID_SET) (void) gss_release_oid_set(minor_status, &amechs); out_spcred = malloc(sizeof(spnego_gss_cred_id_rec)); if (out_spcred == NULL) { - gss_release_cred(minor_status, &mcred); + gss_release_cred(minor_status, &out_mcred); *minor_status = ENOMEM; return (GSS_S_FAILURE); } - out_spcred->mcred = mcred; + out_spcred->mcred = out_mcred; out_spcred->neg_mechs = GSS_C_NULL_OID_SET; *output_cred_handle = (gss_cred_id_t)out_spcred; |